
How to Fix ‘Certificate is not valid’ Error for Enterprise Apps on iOS 7.1

By Anton Demenev on March 19, 2014

Apple’s recent update to iOS 7.1 brought down our local distribution channels hosted on iphone.example.com. Every installation attempt failed with the ‘Cannot install applications because the certificate is not valid’ error. Here's how we solved the problem.

What happened

The 7.1 update forced all software installation services to use the HTTPS protocol, also covering non-standard itms-services:// URLs.

To solve the problem, we used a Class 1 StartSSL certificate. Below you’ll find the Apache config that adds certificate support and a code snippet for changing links in existing *.plist files automatically.

Apache config

example.com.ssl.decrypt.key – the decrypted private key

iphone.example.com.ssl.crt – your subdomain certificate

sub.class1.server.ca.pem – the certificate chain

Since the old services used the HTTP protocol, you need to enable name-based virtual hosts on the HTTPS port in Apache.

Add the following line to the httpd.conf file:

NameVirtualHost *:443

Now you need to duplicate the VirtualHost config and set a redirect from HTTP to HTTPS. Clone the file and add this line to the first copy:

Redirect permanent / https://iphone.example.com/

Add the following certificate directives to the second config file (change the VirtualHost port and instance name if needed):

This command changes URLs in all *.plist files stored in a local directory.
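
One way to do this rewrite, as an added example rather than the command from the original post: a small shell script that switches links for one host from http:// to https:// in every *.plist in a directory and then checks that no plain-HTTP links remain. The function names, the MyApp.plist file name and the simplified manifest are assumptions made for the example.

```shell
#!/bin/sh
# Added example; host, paths and the sample manifest are assumptions.

# Rewrite http://HOST/ links to https://HOST/ in every *.plist in DIR.
# Only the exact host is touched, so the plist DOCTYPE line (an http:// DTD
# identifier on www.apple.com) and links to other hosts are left alone.
# Prints the number of files changed; each changed file gets a .bak copy.
rewrite_plists() {
    dir=$1 host=$2 changed=0
    host_re=$(printf '%s' "$host" | sed 's/\./\\./g')   # match dots literally
    for f in "$dir"/*.plist; do
        [ -f "$f" ] || continue
        grep -q "http://$host_re/" "$f" || continue      # nothing to change
        cp -p "$f" "$f.bak"                               # keep original for rollback
        sed "s|http://$host_re/|https://$host/|g" "$f.bak" > "$f"
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Count <string> values in DIR's plists that still use plain HTTP.
remaining_http() {
    cat "$1"/*.plist 2>/dev/null | grep -c '<string>http://' || true
}

# Constructed, simplified sample manifest for trying the functions out.
make_sample() {
    cat > "$1/MyApp.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict><key>items</key><array><dict>
<key>assets</key><array><dict>
<key>kind</key><string>software-package</string>
<key>url</key><string>http://iphone.example.com/apps/MyApp.ipa</string>
</dict></array></dict></array></dict></plist>
EOF
}

demo=$(mktemp -d) && make_sample "$demo"
echo "files changed: $(rewrite_plists "$demo" iphone.example.com)"
echo "plain-HTTP links left: $(remaining_http "$demo")"
rm -rf "$demo"
```

The .bak copies land next to the manifests, so if that directory is served by Apache, move or delete them once the new links are confirmed to work.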

Note. If you’ve got SVN services hosted on this server, you might see an error on a MacOS SVN client: Client is not working with ‘SSL handshake error’. To fix, add the following SSL directives for the SVN VirtualHost.